Tuesday, November 15, 2016

An Apparent Guardium V10 GUI Bug that Prevents Configuration of Domain Authentication for MS SQL Server - And It's Workaround

by John Haldeman, Enterprise Architect

Today someone on our team ran into an issue with connecting to a MS SQL Server database using a domain authenticated user. It was the second time this happened to us, so I thought I would write a blog post in case someone else encounters it. You might already be familiar with the special considerations for making SQL Server domain authenticated connections in order to set up things like entitlement reports and vulnerability assessments. Specifically, you need the jTDS driver and some special configuration as outlined in this support document:
              https://www-01.ibm.com/support/docview.wss?uid=swg21675924

The problem is that we've encountered what looks like a bug in Guardium V10's GUI that prevents connection properties from being saved. This is with V10 GPU 125 applied. I think it's likely it affects all current V10 versions, but can't be sure. What that means is that the "domain=<your domain>" instructions listed at the end of the support document don't seem to work. When you test the connection, you'll get failed login errors and when you exit and try and edit the datasource again you might find that the domain parameter that you enter disappears - it looks like it isn't being applied to the datasource definition.